But that doesn't solve the problem that all of that is still "Wish-It-Were-Two-Factor". Secret questions and secret answers are still passwords by a different name. (At this point I even keep them in the same password vault and am starting to pseudorandom generate them thanks to support lines treating them as passwords and giving people access to accounts based on easy to find knowledge.)
Instead of all the work banks put into chicanery around this secret question and answer security theater, they should just roll out real Two Factor and save us all some hassle.
Instead of all the work banks put into chicanery around this secret question and answer security theater, they should just roll out real Two Factor and save us all some hassle.